Description

Joomla Introduction
Joomla is a well-known content management system (CMS) of the portal (enterprise portal website) type, well suited to business use. One of the most popular open-source CMSs in the world, it is written in PHP, uses a MySQL database, and runs on platforms such as Linux, Windows and Mac OS X.

Vulnerability Analysis
The cause of the vulnerability is similar to that of the earlier CVE-2015-8562. The \0 encoding conversion changes the length of the serialized data, and the resulting mismatch closes the original serialized data early. This lets the attacker append crafted malicious serialized data after the closed data and send it to the server, which deserializes it and executes the malicious code it contains. The new PoC differs from the previous one in that it adds || $a='http//'; The added code is there mainly to satisfy the feed_url parameter assignment in the call_user_func function in the simplepie.php file.

Vulnerability Reproduction
Access the index.php/component/users path and pass malicious serialized data to it, or directly use the exploit script published on exploit-db. The vulnerability can be exploited by writing a Trojan directly into configuration.php, as shown in the following figure:
[Figure: Alert Joomla 346 Remote Code Execution Vulnerability]
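
A detection sketch for the request pattern described above, added here as an example and not taken from Sangfor or Joomla: it flags POSTs to index.php/component/users whose form fields carry the literal \0\0\0 sequence (the text Joomla's database session handler converts to NUL bytes) together with PHP serialized-data tokens. The field names, sample requests and allow/review/block verdicts are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Literal six-character escape (backslash-zero, three times) that Joomla's
# database session handler converts to NUL '*' NUL when it reads a session.
NUL_PLACEHOLDER = "\\0\\0\\0"
# Tokens of PHP serialize() output: object/custom-object or string headers.
SERIALIZED_TOKEN = re.compile(r'(?:\b[OC]:\d+:"[\w\\]+":\d+:|\bs:\d+:")')
TARGET_PATH = "index.php/component/users"  # path named in the advisory


def inspect_request(method, path, body):
    """Return (field, reason) findings for one form-encoded request."""
    findings = []
    if method.upper() != "POST" or TARGET_PATH not in path:
        return findings
    for field, value in parse_qsl(body, keep_blank_values=True):
        if NUL_PLACEHOLDER in value:
            findings.append((field, "nul-placeholder"))
        if SERIALIZED_TOKEN.search(value):
            findings.append((field, "serialized-data"))
    return findings


def verdict(findings):
    """Both indicators together match the pattern in the analysis above."""
    reasons = {reason for _, reason in findings}
    if reasons == {"nul-placeholder", "serialized-data"}:
        return "block"
    return "review" if reasons else "allow"


# Constructed sample requests (not captured traffic); field names are assumed.
SAMPLES = [
    ("POST", "/index.php/component/users/?task=user.login",
     "username=alice&password=correct+horse&return=aW5kZXgucGhw"),
    ("POST", "/index.php/component/users/?task=user.login",
     "username=%5C0%5C0%5C0%5C0%5C0%5C0"
     "&password=x%22%3Bs%3A4%3A%22test%22%3BO%3A8%3A%22stdClass%22%3A0%3A%7B%7D"),
    # A placeholder alone (here inside a path-like string) only merits review.
    ("POST", "/index.php/component/users/?task=user.login",
     "username=bob&password=C%3A%5C0%5C0%5C0backup"),
    ("GET", "/index.php/component/users/?view=login", ""),
]

if __name__ == "__main__":
    for method, path, body in SAMPLES:
        print(method, path, verdict(inspect_request(method, path, body)))
```

The check decodes form fields once, so it belongs where the request body is already available in decoded or raw form, such as a reverse proxy or WAF log pipeline.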
Impacts
Globally, over 617135 Struts2-based assets are open to the Internet, among which 1,218 are in China,

Affected Joomla version:
Joomla 3.0.0 - 3.4.6

Reference
https://blog.hacktivesecurity.com/index.php?controller=post&action=view&id_post=41

Solution

Sangfor Security Cloud was updated promptly and can now scan websites for this vulnerability to keep users secure. If you are not sure whether your business systems have this vulnerability, sign in to Sangfor Visioner to apply for a 30-day free trial and check their security health.

Sangfor Host Security was updated promptly; customers can easily and quickly detect this high-risk attack by selecting vulnerability detection.

For Sangfor NGAF customers, simply turn on the corresponding security protection feature.

Sangfor CloudWAF updated its protection rules automatically and promptly. Customers are defended against this high-risk vulnerability without any action on their part.

Remediation
The latest officially released version fixes the vulnerability. Users of affected Joomla versions can download the latest version to defend against it. Download link: https://downloads.joomla.org/cms/joomla3.
